tls13: Add checks of overread check failures
In Certificate message parsing tests with invalid vector lengths, add checks that the parsing failed on the expected overread check. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
parent
ad8c17b9c6
commit
e7b9b6b380
1 changed files with 41 additions and 2 deletions
|
@ -106,6 +106,22 @@ void init_handshake_options( handshake_test_options *opts )
|
|||
opts->resize_buffers = 1;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_TEST_HOOKS)
|
||||
static void set_chk_buf_ptr_args(
|
||||
mbedtls_ssl_chk_buf_ptr_args *args,
|
||||
unsigned char *cur, unsigned char *end, size_t need )
|
||||
{
|
||||
args->cur = cur;
|
||||
args->end = end;
|
||||
args->need = need;
|
||||
}
|
||||
|
||||
static void reset_chk_buf_ptr_args( mbedtls_ssl_chk_buf_ptr_args *args )
|
||||
{
|
||||
memset( args, 0, sizeof( *args ) );
|
||||
}
|
||||
#endif /* MBEDTLS_TEST_HOOKS */
|
||||
|
||||
/*
|
||||
* Buffer structure for custom I/O callbacks.
|
||||
*/
|
||||
|
@ -2308,6 +2324,7 @@ exit:
|
|||
}
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
|
||||
|
||||
#if defined(MBEDTLS_TEST_HOOKS)
|
||||
/*
|
||||
* Tweak vector lengths in a TLS 1.3 Certificate message
|
||||
*
|
||||
|
@ -2320,7 +2337,8 @@ exit:
|
|||
* MBEDTLS_SSL_CHK_BUF_READ_PTR failure is expected.
|
||||
*/
|
||||
int tweak_tls13_certificate_msg_vector_len(
|
||||
unsigned char *buf, unsigned char **end, int tweak, int *expected_result )
|
||||
unsigned char *buf, unsigned char **end, int tweak,
|
||||
int *expected_result, mbedtls_ssl_chk_buf_ptr_args *args )
|
||||
{
|
||||
/*
|
||||
* The definition of the tweaks assume that the certificate list contains only
|
||||
|
@ -2362,6 +2380,7 @@ int tweak_tls13_certificate_msg_vector_len(
|
|||
* certificate list length can be read
|
||||
*/
|
||||
*end = buf + 3;
|
||||
set_chk_buf_ptr_args( args, buf, *end, 4 );
|
||||
break;
|
||||
|
||||
case 2:
|
||||
|
@ -2369,34 +2388,46 @@ int tweak_tls13_certificate_msg_vector_len(
|
|||
*/
|
||||
*p_certificate_request_context_len =
|
||||
certificate_request_context_len + 1;
|
||||
reset_chk_buf_ptr_args( args );
|
||||
break;
|
||||
|
||||
case 3:
|
||||
/* Failure when checking if certificate_list data can be read. */
|
||||
MBEDTLS_PUT_UINT24_BE( certificate_list_len + 1,
|
||||
p_certificate_list_len, 0 );
|
||||
set_chk_buf_ptr_args( args, certificate_list, *end,
|
||||
certificate_list_len + 1 );
|
||||
break;
|
||||
|
||||
case 4:
|
||||
/* Failure when checking if the cert_data length can be read. */
|
||||
MBEDTLS_PUT_UINT24_BE( 2, p_certificate_list_len, 0 );
|
||||
set_chk_buf_ptr_args( args, p_cert_data_len, certificate_list + 2, 3 );
|
||||
break;
|
||||
|
||||
case 5:
|
||||
/* Failure when checking if cert_data data can be read. */
|
||||
MBEDTLS_PUT_UINT24_BE( certificate_list_len - 3 + 1,
|
||||
p_cert_data_len, 0 );
|
||||
set_chk_buf_ptr_args( args, cert_data,
|
||||
certificate_list + certificate_list_len,
|
||||
certificate_list_len - 3 + 1 );
|
||||
break;
|
||||
|
||||
case 6:
|
||||
/* Failure when checking if the extensions length can be read. */
|
||||
MBEDTLS_PUT_UINT24_BE( certificate_list_len - extensions_len - 1,
|
||||
p_certificate_list_len, 0 );
|
||||
set_chk_buf_ptr_args( args, p_extensions_len,
|
||||
certificate_list + certificate_list_len - extensions_len - 1, 2 );
|
||||
break;
|
||||
|
||||
case 7:
|
||||
/* Failure when checking if extensions data can be read. */
|
||||
MBEDTLS_PUT_UINT16_BE( extensions_len + 1, p_extensions_len, 0 );
|
||||
|
||||
set_chk_buf_ptr_args( args, extensions,
|
||||
certificate_list + certificate_list_len, extensions_len + 1 );
|
||||
break;
|
||||
|
||||
default:
|
||||
|
@ -2405,6 +2436,7 @@ int tweak_tls13_certificate_msg_vector_len(
|
|||
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_TEST_HOOKS */
|
||||
/* END_HEADER */
|
||||
|
||||
/* BEGIN_DEPENDENCIES
|
||||
|
@ -5815,6 +5847,7 @@ void tls13_server_certificate_msg_invalid_vector_len( )
|
|||
size_t buf_len;
|
||||
int step = 0;
|
||||
int expected_result;
|
||||
mbedtls_ssl_chk_buf_ptr_args expected_chk_buf_ptr_args;
|
||||
|
||||
/*
|
||||
* Test set-up
|
||||
|
@ -5862,7 +5895,7 @@ void tls13_server_certificate_msg_invalid_vector_len( )
|
|||
*/
|
||||
|
||||
ret = tweak_tls13_certificate_msg_vector_len(
|
||||
buf, &end, step, &expected_result );
|
||||
buf, &end, step, &expected_result, &expected_chk_buf_ptr_args );
|
||||
|
||||
if( ret != 0 )
|
||||
break;
|
||||
|
@ -5870,6 +5903,11 @@ void tls13_server_certificate_msg_invalid_vector_len( )
|
|||
ret = mbedtls_ssl_tls13_parse_certificate( &(client_ep.ssl), buf, end );
|
||||
TEST_EQUAL( ret, expected_result );
|
||||
|
||||
TEST_ASSERT( mbedtls_ssl_cmp_chk_buf_ptr_fail_args(
|
||||
&expected_chk_buf_ptr_args ) == 0 );
|
||||
|
||||
mbedtls_ssl_reset_chk_buf_ptr_fail_args( );
|
||||
|
||||
ret = mbedtls_ssl_session_reset( &(client_ep.ssl) );
|
||||
TEST_EQUAL( ret, 0 );
|
||||
|
||||
|
@ -5878,6 +5916,7 @@ void tls13_server_certificate_msg_invalid_vector_len( )
|
|||
}
|
||||
|
||||
exit:
|
||||
mbedtls_ssl_reset_chk_buf_ptr_fail_args( );
|
||||
mbedtls_endpoint_free( &client_ep, NULL );
|
||||
mbedtls_endpoint_free( &server_ep, NULL );
|
||||
USE_PSA_DONE( );
|
||||
|
|
Loading…
Reference in a new issue